URL:
  <http://gna.org/bugs/?16396>

                 Summary: Memory corruption in load_ruleset_game() on 64bit system
                 Project: Freeciv
            Submitted by: cazfi
            Submitted on: Tuesday 08/10/2010 at 12:03
                Category: general
                Severity: 3 - Normal
                Priority: 1 - Later
                  Status: Ready For Test
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
                 Release: TRUNK
         Discussion Lock: Any
        Operating System: None
         Planned Release: 2.3.0

    _______________________________________________________

Details:

load_ruleset_game() casts an int pointer to a size_t pointer in the call to
secfile_lookup_str_vec(), which then puts a size_t variable through that
pointer. This is not nice when the int we reserve space for is 32 bit and
the size_t we insert is 64 bit.

Fix attached.

As always with memory corruption bugs, the consequences of this bug depend on
compiler optimization - what the compiler decides to put next to the teams
variable. In a compilation with optimization completely disabled, this was
causing variable 'file' to be zeroed, leading to the error message:
"1: in secfile_check_unused() [../../../src.patched/utility/registry.c::969]:
assertion '((void *)0) != secfile_sections(secfile)' failed."



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tuesday 08/10/2010 at 12:03  Name: 64bitSizetFix.diff  Size: 795B   By:
cazfi

<http://gna.org/bugs/download.php?file_id=9770>
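
Added example, not part of the original report or the attached patch: a C model of the size mismatch described in Details, showing which neighbouring bytes are overwritten when a size_t is stored at the address of an int. lookup_stub, struct frame and SENTINEL are hypothetical names; memcpy stands in for the store through the cast pointer so the demonstration stays well defined, and the range-checked variant is one possible correction, not necessarily what 64bitSizetFix.diff does.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SENTINEL 0x5A5A5A5A /* constructed marker for the neighbouring variable */

/* Hypothetical stand-in for a lookup that reports its element count
 * through a size_t out-parameter, as the report describes. */
static void lookup_stub(size_t *dim) { *dim = 3; /* constructed value */ }

/* Models the frame layout: a 32-bit int with another variable right behind it. */
struct frame { int teams; int neighbor; };
_Static_assert(sizeof(size_t) <= sizeof(struct frame), "model too small");

/* Buggy pattern: sizeof(size_t) bytes are stored at the address of an int.
 * Returns the neighbour's value after the store. */
static int buggy_neighbor_after(void)
{
  struct frame f = { 0, SENTINEL };
  size_t dim;

  lookup_stub(&dim);
  memcpy(&f, &dim, sizeof(dim)); /* effect of *(size_t *)&f.teams = dim */
  return f.neighbor;
}

/* Safer pattern: receive into a real size_t, range-check, then narrow. */
static int fixed_lookup(int *teams, int *neighbor_out)
{
  struct frame f = { 0, SENTINEL };
  size_t dim;

  lookup_stub(&dim);
  if (dim > (size_t)INT_MAX) return -1; /* count does not fit in an int */
  f.teams = (int)dim;
  *teams = f.teams;
  *neighbor_out = f.neighbor;
  return 0;
}

int main(void)
{
  int teams, neighbor;
  printf("buggy: neighbor = 0x%X\n", (unsigned)buggy_neighbor_after());
  if (fixed_lookup(&teams, &neighbor) == 0)
    printf("fixed: teams = %d, neighbor = 0x%X\n", teams, (unsigned)neighbor);
  return 0;
}
```

Building with -fsanitize=address (supported by GCC and Clang) reports the real out-of-bounds store when the cast form is used on a stack variable.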
